[BlueOnyx:27208] Re: 5211R error GUI login after 2fa
Michael Stauber
mstauber at blueonyx.it
Thu Aug 22 12:09:08 -05 2024
Hi Janwillem,
> One of our 5211R doesn't allow me anymore to login into the GUI as admin.
> After entering the 2FA code I get an "internal server error The server
> encountered an internal error and was unable to complete your request."
>
> /var/log/secure shows:
> Aug 22 16:51:48 ds50 cced(smd)[11928]: PAM unable to
> dlopen(/usr/lib64/security/pam_cracklib.so):
> /usr/lib64/security/pam_cracklib.so: cannot open shared object file: No
> such file or directory
You can ignore that pam_cracklib.so error as it has no relevance to your
problem and doesn't affect logins.
To see why you get "internal server error" in the GUI you could turn on
GUI-debugging and that would help us to find the real cause of the problem:
https://www.blueonyx.it/blueonyx-5211r-debugging
> I do have SSH access
> Any idea for a quick fix or how to enable 2fa temporarily from the
> commandline?
As "root" and from the shell run /usr/sausalito/bin/cceclient to fire up
CCEClient:
[root at server ~]# /usr/sausalito/bin/cceclient
100 CSCP/0.99
200 READY
In there type:
FIND System
That will report back something like this:
104 OBJECT 1
In this example it tells us that the 'System' Object has the OID #1.
Then enter this:
SET <OID> gui_2fa = "0"
Replace <OID> with the Object ID that the "FIND System" command had
reported back. In our case that was the number 1, so we'd use:
SET 1 gui_2fa = "0"
It will report back "201 OK" if the transaction was successful. And that
then has set 2FA to disabled.
Alternatively: You could run "rm -f ~admin/.google_authenticator" to
remove the 2FA config file for user "admin". That would allow you to
login to the GUI as "admin" (without 2FA) and then you could turn off
2FA via the GUI.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list